How it works

DocSecurity is an agent based solution which enforces data protection on each Windows workstation that processes sensitive files. It is able to protect documents in every situation: when they are stored on drives, when they travel (no matter how or where) and when their content is processed by authorized applications (no matter which).

DocSecurity relies on Active Directory and most of the work is performed in the background so that users are not impacted in a negative manner when they work with documents.
It is also easy to setup, configure and run DocSecurity as this requires only a few steps:

Setup

The product can be installed on a server or workstation running Windows Vista or a newer Windows OS.

Once the server is installed, the main interface is open in a browser and allows the product to be configured.

Configuration needs a few things to be defined:

Which document types are subject to protection. DocSecurity is shipped with a list of common document types that will be protected (e.g. *.doc, *.xlsx, etc.), but one can customize this list as needed.

Which applications are authorized to process sensitive documents. The content of the protected documents will only be accessible to authorized applications. Each such application has a corresponding profile in DocSecurity so that they can be properly identified. Out of the box, DocSecurity provides profiles for the most common applications (e.g. Microsof Word, Excel, etc.). Users can also create and add profiles for other applications.

The users entitled to work with protected documents. Besides naming these users, one can also setup their default rights (e.g. if they are allowed to copy/paste or print parts of the content).

The machines on which protected documents are processed. These are the workstations on which the DocSecurity agent will be deployed.

Run

Once the configuration is complete, one can deploy the agent on the target machines.

The agent runs in the background on each designated machine and protects documents automatically. It also checks and enforces users rights whenever a protected document is open.

Depending on rights, users can protect and unprotect documents manually
as well. For each protected documents they create, users can also specify who is entitled to open those documents.

Product details

DocSecurity is currently under development and it implements the following features:

Document protection

DocSecurity can protect any document by using standard encryption based on Windows EFS and an internal engine that uses AES and RSA algorithms.
Encryption can be turned on and off manually. This can be done at file level through the pop-up menu in Windows Explorer or other file managers.

When protected documents are sent across the network, they travel in an encrypted format. Upon arrival at destination, if a DocSecurity agent is present on the machine, a protected file is
automatically recognized by DocSecurity when it is saved on the local disk and the protection settings are enforced on that document.

Works with any Windows application

Other protection solutions on the market are only compatible with few applications. That means that only those apps are able to open and process the decrypted content of the protected files in a secure manner. For instance, some solutions can encrypt PDF files, but users will be able to view such files only with a custom, compatible viewer. Furthermore, some products are not compatible with Adobe Acrobat Reader, which can be annoying for many. DocSecurity doesn’t have this limitation. With DocSecurity protected PDF files can be opened by Adobe Acrobat Reader or any other PDF reader users may like.

When DocSecurity is active, protected documents can only be accessed by authorized applications. To properly recognize these applications, DocSecurity relies on profiles which include various information about applications e.g. the name of the main executable, signature details, dlls, etc.
These definitions can be created on imported in the main interface so that users are free to authorize any application they want.

DocSecurity offers, out-of-the-box, profiles for the most common document processors. A dedicated tool is also included in the product so that users can easily profile any commercial or custom application they like.

Authorized applications can open the decrypted content of a protected document, but this is not all. DocSecurity also controls what users do with that content once it is open. This is possible through operational rights defined for each user. These rights specify which sensitive operations are allowed or blocked while working with documents: e.g. copy/paste, print, print screen, etc.

Additionally, for each authorized application, one can also restrict the network connections performed while working with documents to make sure there is no underground network activity that can expose the document data to unauthorized sites or services.

An important feature that makes DocSecurity different from other products is the way copy/paste operations are handled: to avoid impacting users in a negatively manner, copy/paste is not blocked totally, but it is allowed between authorized applications. That means, for example, that users are always allowed to copy information from Microsoft Word into Microsoft Excel if they are both authorized, but unless the proper rights are enabled, they will be blocked from copying data from Microsoft Word and pasting it into unauthorized programs like Outlook or Notepad or a browser, etc.

Compliance ready

DocSecurity was designed to ensure data protection and privacy in mind, so all the keys and certificates used to encrypt documents are created and stored locally. Unlike other protection solutions, DocSecurity does not rely on cloud or other 3rd party services to apply protection nor to intermediate the transfer or storage of the protected files. Everything is controlled and works within the local network.
This approach makes DocSecurity a very useful tool to ensure compliance with different data protection regulations like: PCI-DSS, HIPAA, SOX, GLBA and many others.

Through specially designed reporting features, DocSecurity is also useful to companies that need to be compliant with particular European data privacy regulations like the ones from Germany, Austria and Switzerland.